Denial-of-Service Vulnerability in Siemens EN100 Ethernet Module
CVE-2015-5374

Currently unrated

Key Information:

Vendor
Siemens
Status
Siprotec Firmware
Vendor
CVE Published:
18 July 2015

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 52%

Summary

A vulnerability exists in the Siemens EN100 Ethernet module variants that allows an attacker to send specially crafted packets to port 50000/UDP, leading to a denial-of-service condition. This can disrupt normal operations and may require a manual reboot to restore functionality. The issue affects various firmware versions across multiple protocols including PROFINET IO, Modbus TCP, DNP3 TCP, and IEC 104, making it critical for users to update to the latest firmware versions to mitigate risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-5374-DoS-PoC
Created by can

References

https://www.siemens.com/cert/pool/cert/siemens_security_a...
x_refsource_CONFIRM
http://www.siemens.com/innovation/pool/de/forschungsfelde...
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/44103/
exploitx_refsource_EXPLOIT-DB

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.